Zoom Blocked, Completely Stumped.
-
There have been absolutely no changes to my system since yesterday other than updates to pfblocker feeds.
But today everything to Zoom is blocked. The app on all devices in various vlans cannot connect to Zoom and no browser on any device can access zoom.us. Everything else is working perfectly.
My first obvious thought was that a pfblocker feed updated and added zoom's servers from some blocklist. I checked the logs and there were no IP or DNSBL entries related to Zoom in the alerts. Devices trying to access zoom weren't even showing up in the alert reports. I tried to do a DNS lookup from pfsense and got a "host could not be resolved" message. I restarted resolver and got the same results. I tried to do a Traceroute from pfsense and got a, "Error: zoom.us could not be traced/resolved" message. I looked in the Resolver logs and it shows that there was no query to Zoom.us.
I disabled pfblocker and the DNSBL service and also disabled all firewall rules on my Lan interface that use pfblocker aliases. I shut down pfsense. I rebooted my ONT to Verizon, rebooted pfsense and confirmed that both pfblocker services were disabled as well as the firewall rules.
I tried another DNS lookup from pfsense and again got the, "Host "zoom.us" could not be resolved" message. I restarted Resolver, tried another DNS lookup, same results. Tried Traceroute, got the same, "Error: zoom.us could not be traced/resolved" message.
From laptop on the LAN I tried to ping, tracert and surf to zoom.us and all fail. I plugged the laptop directly into the Verizon ONT and everything works perfectly.
I really need some help/guidance, I have no idea what to do next.
-
Do you have other DNS servers configured in System > General Setup?
Those should normally also be reported in Diag > DNS lookup.
You probably still have the DNS-BL custom lists loaded in Unbound. Make sure you run a fun reload in pfBlocker after disabling DNS-BL. Or manually delete the line from the Unbound custom options field and reload it.
Steve
-
@stephenw10 said in Zoom Blocked, Completely Stumped.:
Do you have other DNS servers configured in System > General Setup?
No other servers listed here. Only using the root servers.
You probably still have the DNS-BL custom lists loaded in Unbound. Make sure you run a fun reload in pfBlocker after disabling DNS-BL. Or manually delete the line from the Unbound custom options field and reload it.
This makes sense to me now that you got me thinking about it. I was thinking that the reboot of pfsense would have cleared out resolver (its cache). But it makes sense to me that the tables would still exist. I do not have a line on the Resolver custom options to reload it. What would that custom option be and is it required?
UPDATE:
So I did a reload of DNSBL in pfblocker. Got these results:
Removing DNSBL Unbound python integration settings
DNS Resolver ( disabled ) unbound.conf modifications:
Removed DNSBL Unbound Python mode
Removed DNSBL Unbound Python mode script
Stop Service DNSBL
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts:
Unmounting: /lib
Unmounting: /dev
Unmounting: /var/log/pfblockerng
Unmounting: /usr/local/share/GeoIP
Removing DNSBL Unbound python mounts:
Unmounting: /usr/local/bin
Removing: /var/unbound/usr/local/bin
Unmounting: /usr/local/lib
Removing: /var/unbound/usr/local/lib
Removing: /var/unbound/usr/local
Removing: /var/unbound/usr
Starting Unbound Resolver... completed [ 03/15/22 13:05:50 ]
DNSBL is disabled
** Stopping firewall filter daemon **
**Saving configuration [ 03/15/22 13:13:50 ]**
I then restarted DNS Resolver to clear the cache and reset all states in pfsense including Source Tracking. Then did a DNS Lookup:
Here's what the DNS Resolver shows for the query:
Mar 15 16:07:33 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:33 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:33 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:33 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:33 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:33 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:33 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:33 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:32 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:32 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:32 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:32 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:32 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:32 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:32 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:32 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:31 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:31 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:0] info: validator operate: query zoom.us. 
CNAME IN Mar 15 16:07:31 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:31 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:31 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:30 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:30 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:30 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:30 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:30 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:29 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:29 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:29 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:29 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:29 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:29 unbound 1525 [1525:3] info: validator operate: query zoom.us. 
A IN Mar 15 16:07:29 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:29 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: finishing processing for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: reply from <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:3] info: response for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: iterator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: finishing processing for zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: reply from <zoom.us.> 205.251.193.131#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: response for zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: iterator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: finishing processing for zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: reply from <zoom.us.> 205.251.193.131#53 Mar 15 16:07:28 unbound 1525 [1525:3] info: response for zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: iterator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: finishing processing for zoom.us. 
A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: reply from <zoom.us.> 205.251.198.236#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: response for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: iterator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: finishing processing for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: reply from <zoom.us.> 205.251.198.236#53 Mar 15 16:07:28 unbound 1525 [1525:2] info: response for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: iterator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: finishing processing for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: reply from <zoom.us.> 205.251.195.120#53 Mar 15 16:07:28 unbound 1525 [1525:1] info: response for zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: iterator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: finishing processing for zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: reply from <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:3] info: response for zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: iterator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: finishing processing for zoom.us. 
AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: reply from <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: response for zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: iterator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] debug: sending to target: <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:3] info: sending query: zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: processQueryTargets: zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 3): zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 2): zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] debug: sending to target: <zoom.us.> 205.251.193.131#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: sending query: zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: processQueryTargets: zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 3): zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 2): zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. CNAME IN Mar 15 16:07:28 unbound 1525 [1525:3] debug: sending to target: <zoom.us.> 205.251.193.131#53 Mar 15 16:07:28 unbound 1525 [1525:3] info: sending query: zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: processQueryTargets: zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 3): zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 2): zoom.us. 
AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] debug: sending to target: <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: sending query: zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: processQueryTargets: zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 3): zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 2): zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. AAAA IN Mar 15 16:07:28 unbound 1525 [1525:0] debug: sending to target: <zoom.us.> 205.251.198.236#53 Mar 15 16:07:28 unbound 1525 [1525:0] info: sending query: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: processQueryTargets: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 3): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving (init part 2): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: resolving zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:0] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] debug: sending to target: <zoom.us.> 205.251.198.236#53 Mar 15 16:07:28 unbound 1525 [1525:3] debug: sending to target: <zoom.us.> 205.251.196.113#53 Mar 15 16:07:28 unbound 1525 [1525:2] info: sending query: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: sending query: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: processQueryTargets: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: processQueryTargets: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: resolving (init part 3): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: resolving (init part 2): zoom.us. 
A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 3): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: resolving zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:2] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving (init part 2): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: resolving zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:3] info: validator operate: query zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] debug: sending to target: <zoom.us.> 205.251.195.120#53 Mar 15 16:07:28 unbound 1525 [1525:1] info: sending query: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: processQueryTargets: zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: resolving (init part 3): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: resolving (init part 2): zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: resolving zoom.us. A IN Mar 15 16:07:28 unbound 1525 [1525:1] info: validator operate: query zoom.us. A IN
Clients on the network still can't get to the page.
-
If you are running pfBlocker with DNS-BL you will see the Unbound custom option:
server:include: /var/unbound/pfb_dnsbl.*conf
If you don't see that then Unbound should not be blocking anything. I would suspect something still cached if that's the case.
Steve
-
@stephenw10 Thanks Steve. Maybe it got removed after I had turned off DNSBL and rebooted. I edited my last post with an update with further troubleshooting.
-
Can you dig against that server directly? It fails for me:
[2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @205.251.195.120 zoom.com
; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60758
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;zoom.com. IN A
;; Query time: 16 msec
;; SERVER: 205.251.195.120#53(205.251.195.120)
;; WHEN: Tue Mar 15 21:01:52 GMT 2022
;; MSG SIZE rcvd: 26
But succeeds against, for example, 8.8.8.8:
[2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @8.8.8.8 zoom.com
; <<>> DiG 9.16.23 <<>> @8.8.8.8 zoom.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42464
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;zoom.com. IN A
;; ANSWER SECTION:
zoom.com. 60 IN A 170.114.0.12
;; Query time: 14 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Mar 15 21:02:15 GMT 2022
;; MSG SIZE rcvd: 53
-
@stephenw10 You used the wrong domain. It's zoom.us, not, zoom.com. And yes, dig works:
; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32856
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.83
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 7 msec
;; SERVER: 205.251.195.120#53(205.251.195.120)
;; WHEN: Tue Mar 15 17:33:18 EDT 2022
;; MSG SIZE rcvd: 192

; <<>> DiG 9.16.23 <<>> @8.8.8.8 zoom.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29463
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.89
;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Mar 15 17:21:46 EDT 2022
;; MSG SIZE rcvd: 52
No problem reaching it from my phone through data. Also had no issue reaching it with a laptop plugged directly into my Verizon ONT.
-
@dma_pf said in Zoom Blocked, Completely Stumped.:
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.89
60 second TTL - that is just horrible of them..
These are the NS for that domain.
;; QUESTION SECTION:
;zoom.us. IN NS
;; ANSWER SECTION:
zoom.us. 86400 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 86400 IN NS ns-387.awsdns-48.com.
zoom.us. 86400 IN NS ns-888.awsdns-47.net.
zoom.us. 86400 IN NS ns-1137.awsdns-14.org.
You should be able to query any of those directly
$ dig @ns-387.awsdns-48.com zoom.us
; <<>> DiG 9.16.26 <<>> @ns-387.awsdns-48.com zoom.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17927
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.69
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 24 msec
;; SERVER: 205.251.193.131#53(205.251.193.131)
;; WHEN: Tue Mar 15 16:29:43 Central Daylight Time 2022
;; MSG SIZE rcvd: 192
If you're having a problem resolving anything specific - it's best to do a trace to see where it might be failing..
[22.01-RELEASE][admin@sg4860.local.lan]/: dig zoom.us +trace +nodnssec
; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
;; global options: +cmd
. 70603 IN NS f.root-servers.net.
. 70603 IN NS l.root-servers.net.
. 70603 IN NS e.root-servers.net.
. 70603 IN NS h.root-servers.net.
. 70603 IN NS g.root-servers.net.
. 70603 IN NS k.root-servers.net.
. 70603 IN NS i.root-servers.net.
. 70603 IN NS j.root-servers.net.
. 70603 IN NS b.root-servers.net.
. 70603 IN NS a.root-servers.net.
. 70603 IN NS m.root-servers.net.
. 70603 IN NS c.root-servers.net.
. 70603 IN NS d.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
us. 172800 IN NS b.cctld.us.
us. 172800 IN NS f.cctld.us.
us. 172800 IN NS k.cctld.us.
us. 172800 IN NS w.cctld.us.
us. 172800 IN NS x.cctld.us.
us. 172800 IN NS y.cctld.us.
;; Received 402 bytes from 199.7.91.13#53(d.root-servers.net) in 32 ms
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
;; Received 176 bytes from 2001:dcd:3::15#53(y.cctld.us) in 36 ms
zoom.us. 60 IN A 170.114.10.69
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Received 192 bytes from 205.251.198.236#53(ns-1772.awsdns-29.co.uk) in 13 ms
[22.01-RELEASE][admin@sg4860.local.lan]/:
I added the +nodnssec just to make it easier to read, otherwise it adds that info that distracts from the actual trace.
The trace would show you where you're failing to talk to in the line talking down from roots..
-
@johnpoz Here you go guys. Thank You so much for your help! This has been driving me nuts all day.
Shell Output - dig @ns-1772.awsdns-29.co.uk. zoom.us
; <<>> DiG 9.16.23 <<>> @ns-1772.awsdns-29.co.uk. zoom.us
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40130
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.71
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 15 msec
;; SERVER: 205.251.198.236#53(205.251.198.236)
;; WHEN: Tue Mar 15 17:46:42 EDT 2022
;; MSG SIZE rcvd: 192

; <<>> DiG 9.16.23 <<>> @ns-387.awsdns-48.com zoom.us
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63016
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.69
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 4 msec
;; SERVER: 205.251.193.131#53(205.251.193.131)
;; WHEN: Tue Mar 15 17:40:16 EDT 2022
;; MSG SIZE rcvd: 192

; <<>> DiG 9.16.23 <<>> @ns-888.awsdns-47.net. zoom.us
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31356
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.74
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 5 msec
;; SERVER: 205.251.195.120#53(205.251.195.120)
;; WHEN: Tue Mar 15 17:48:23 EDT 2022
;; MSG SIZE rcvd: 192

; <<>> DiG 9.16.23 <<>> @ns-1137.awsdns-14.org. zoom.us
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4091
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.80
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 14 msec
;; SERVER: 205.251.196.113#53(205.251.196.113)
;; WHEN: Tue Mar 15 17:50:38 EDT 2022
;; MSG SIZE rcvd: 192

; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
;; global options: +cmd
. 80408 IN NS h.root-servers.net.
. 80408 IN NS i.root-servers.net.
. 80408 IN NS j.root-servers.net.
. 80408 IN NS k.root-servers.net.
. 80408 IN NS l.root-servers.net.
. 80408 IN NS m.root-servers.net.
. 80408 IN NS a.root-servers.net.
. 80408 IN NS b.root-servers.net.
. 80408 IN NS c.root-servers.net.
. 80408 IN NS d.root-servers.net.
. 80408 IN NS e.root-servers.net.
. 80408 IN NS f.root-servers.net.
. 80408 IN NS g.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
us. 172800 IN NS b.cctld.us.
us. 172800 IN NS f.cctld.us.
us. 172800 IN NS k.cctld.us.
us. 172800 IN NS w.cctld.us.
us. 172800 IN NS x.cctld.us.
us. 172800 IN NS y.cctld.us.
couldn't get address for 'b.cctld.us': not found
couldn't get address for 'f.cctld.us': not found
couldn't get address for 'k.cctld.us': not found
couldn't get address for 'w.cctld.us': not found
couldn't get address for 'x.cctld.us': not found
couldn't get address for 'y.cctld.us': not found
dig: couldn't get address for 'b.cctld.us': no more
-
@dma_pf said in Zoom Blocked, Completely Stumped.:
couldn't get address for 'b.cctld.us': not found
couldn't get address for 'f.cctld.us': not found
couldn't get address for 'k.cctld.us': not found
couldn't get address for 'w.cctld.us': not found
couldn't get address for 'x.cctld.us': not found
couldn't get address for 'y.cctld.us': not found
There is where you're failing - you can not talk to the next gtld servers, the ones that know where the ns are for anything .us
I would say you are not able to talk to roots to get that... For example you should be able to query root servers and ask for the IP of any of those cctld.us servers.. example
$ dig @h.root-servers.net b.cctld.us
; <<>> DiG 9.16.26 <<>> @h.root-servers.net b.cctld.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10358
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;b.cctld.us. IN A
;; AUTHORITY SECTION:
us. 172800 IN NS b.cctld.us.
us. 172800 IN NS f.cctld.us.
us. 172800 IN NS k.cctld.us.
us. 172800 IN NS w.cctld.us.
us. 172800 IN NS x.cctld.us.
us. 172800 IN NS y.cctld.us.
;; ADDITIONAL SECTION:
b.cctld.us. 172800 IN A 156.154.125.70
f.cctld.us. 172800 IN A 209.173.58.70
k.cctld.us. 172800 IN A 156.154.128.70
w.cctld.us. 172800 IN A 37.209.192.15
x.cctld.us. 172800 IN A 37.209.194.15
y.cctld.us. 172800 IN A 37.209.196.15
b.cctld.us. 172800 IN AAAA 2001:502:ad09::29
f.cctld.us. 172800 IN AAAA 2001:500:3682::11
k.cctld.us. 172800 IN AAAA 2001:503:e239::3:1
w.cctld.us. 172800 IN AAAA 2001:dcd:1::15
x.cctld.us. 172800 IN AAAA 2001:dcd:2::15
y.cctld.us. 172800 IN AAAA 2001:dcd:3::15
;; Query time: 50 msec
;; SERVER: 198.97.190.53#53(198.97.190.53)
;; WHEN: Tue Mar 15 17:03:43 Central Daylight Time 2022
;; MSG SIZE rcvd: 397
If you can not talk to roots - then really you wouldn't be able to resolve anything..
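Reading a `dig +trace` the way the replies above do, as an added example that is not part of any poster's message: the Python below parses trace output and reports the zone whose referral arrived but whose nameserver addresses could not be obtained. Both sample traces are constructed by abbreviating the outputs posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the failing trace from the thread, root list shortened.
FAILING_TRACE = """\
; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
;; global options: +cmd
. 80408 IN NS h.root-servers.net.
. 80408 IN NS i.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
us. 172800 IN NS b.cctld.us.
us. 172800 IN NS f.cctld.us.
couldn't get address for 'b.cctld.us': not found
couldn't get address for 'f.cctld.us': not found
dig: couldn't get address for 'b.cctld.us': no more
"""

# Constructed sample: the working trace from the thread, record lists shortened.
WORKING_TRACE = """\
; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
;; global options: +cmd
. 70603 IN NS f.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
us. 172800 IN NS b.cctld.us.
;; Received 402 bytes from 199.7.91.13#53(d.root-servers.net) in 32 ms
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
;; Received 176 bytes from 2001:dcd:3::15#53(y.cctld.us) in 36 ms
zoom.us. 60 IN A 170.114.10.69
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
;; Received 192 bytes from 205.251.198.236#53(ns-1772.awsdns-29.co.uk) in 13 ms
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\((\S+?)\)")
NO_ADDR = re.compile(r"couldn't get address for '([^']+)'")


def parse_trace(text):
    """Split +trace output into steps: the records of one referral or answer,
    who sent it, and any nameserver names dig could not turn into addresses."""
    steps = []
    step = {"records": [], "answered_by": None, "unresolved": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        received = RECEIVED.match(line)
        if received:
            # A ';; Received' line closes the current step.
            step["answered_by"] = received.group(2)
            steps.append(step)
            step = {"records": [], "answered_by": None, "unresolved": []}
            continue
        missing = NO_ADDR.search(line)
        if missing:
            if missing.group(1) not in step["unresolved"]:
                step["unresolved"].append(missing.group(1))
            continue
        if line.startswith(";"):
            continue  # banner and option lines
        rr = RR.match(line)
        if rr:
            owner, _ttl, rtype, rdata = rr.groups()
            step["records"].append((owner.lower(), rtype.upper(), rdata))
    if step["records"] or step["unresolved"]:
        steps.append(step)  # trace ended without a final 'Received' line
    return steps


def diagnose(text, qname):
    """Return where the walk from the roots ended for qname."""
    qname = qname.rstrip(".").lower() + "."
    deepest = None  # last zone for which an NS referral was seen
    for step in parse_trace(text):
        answers = [rdata for owner, rtype, rdata in step["records"]
                   if owner == qname and rtype in ("A", "AAAA")]
        if answers:
            return {"resolved": True, "stalled_zone": None,
                    "unresolved": [], "answers": answers}
        for owner, rtype, _rdata in step["records"]:
            if rtype == "NS":
                deepest = owner
        if step["unresolved"]:
            # The referral for `deepest` arrived, but none of its nameservers
            # could be given an address, so the walk cannot continue.
            return {"resolved": False, "stalled_zone": deepest,
                    "unresolved": step["unresolved"], "answers": []}
    return {"resolved": False, "stalled_zone": deepest,
            "unresolved": [], "answers": []}


if __name__ == "__main__":
    for name, trace in (("failing", FAILING_TRACE), ("working", WORKING_TRACE)):
        print(name, diagnose(trace, "zoom.us"))
```

A result with `stalled_zone` set to `us.` points the next check at the `cctld.us` servers, which is the directed query the thread goes on to try.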
-
@dma_pf said in Zoom Blocked, Completely Stumped.:
No other servers listed here. Only using the root servers.
You're not pointing directly to roots in your dns config on pfsense are you?? Out of the box pfsense resolves, you should not point anywhere.. You should only point to 127.0.0.1 (unbound) and it knows the root servers..
If you can not talk to roots, you wouldn't be able to resolve anything - but you can not query them recursive... You can only ask them for NSs of the tld. If you're like forwarding to roots - that would never work..
-
@johnpoz Here's what I get:
; <<>> DiG 9.16.23 <<>> @h.root-servers.net b.cctld.us
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3117
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;b.cctld.us. IN A
;; AUTHORITY SECTION:
us. 172800 IN NS b.cctld.us.
us. 172800 IN NS f.cctld.us.
us. 172800 IN NS k.cctld.us.
us. 172800 IN NS w.cctld.us.
us. 172800 IN NS x.cctld.us.
us. 172800 IN NS y.cctld.us.
;; ADDITIONAL SECTION:
b.cctld.us. 172800 IN A 156.154.125.70
f.cctld.us. 172800 IN A 209.173.58.70
k.cctld.us. 172800 IN A 156.154.128.70
w.cctld.us. 172800 IN A 37.209.192.15
x.cctld.us. 172800 IN A 37.209.194.15
y.cctld.us. 172800 IN A 37.209.196.15
b.cctld.us. 172800 IN AAAA 2001:502:ad09::29
f.cctld.us. 172800 IN AAAA 2001:500:3682::11
k.cctld.us. 172800 IN AAAA 2001:503:e239::3:1
w.cctld.us. 172800 IN AAAA 2001:dcd:1::15
x.cctld.us. 172800 IN AAAA 2001:dcd:2::15
y.cctld.us. 172800 IN AAAA 2001:dcd:3::15
;; Query time: 35 msec
;; SERVER: 198.97.190.53#53(198.97.190.53)
;; WHEN: Tue Mar 15 18:05:47 EDT 2022
;; MSG SIZE rcvd: 397
Question is why is it failing? And only for that domain? I haven't had any issues with anything else resolving all day.
I'm 20 miles from the University Of Maryland....and I'm an alumni. You'd think they'd give me more respect!
Does this mean that I will need to go to forwarding mode in resolver?
-
Doh!
Does it also work against that server Unbound is trying:
[2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @205.251.195.120 zoom.us
; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57270
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A
;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.89
;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.
;; Query time: 15 msec
;; SERVER: 205.251.195.120#53(205.251.195.120)
;; WHEN: Tue Mar 15 22:15:00 GMT 2022
;; MSG SIZE rcvd: 192
-
@dma_pf ok so that looks fine... So can you actually query any of the cctld.us server for zoom.us?
From your trace it said it could not get an IP for any of the cctld.us servers. But maybe it just couldn't talk to them - try doing a directed query to any of those IPs asking for zoom.us ns..
example
```
$ dig @37.209.192.15 zoom.us NS

; <<>> DiG 9.16.26 <<>> @37.209.192.15 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58274
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.

;; Query time: 36 msec
;; SERVER: 37.209.192.15#53(37.209.192.15)
;; WHEN: Tue Mar 15 17:23:04 Central Daylight Time 2022
;; MSG SIZE rcvd: 176
```
-
@stephenw10 said in Zoom Blocked, Completely Stumped.:
Does it also work against that server Unbound is trying:
I'm not quite sure if you're asking me to find out which server my Unbound is using or run the query in your example. If it's the IP that my Unbound is using, how do I find it? As far as I know it just queries the 13 roots.
If it's the query you provided, here's what I get:

```
; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65232
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zoom.us. IN A

;; ANSWER SECTION:
zoom.us. 60 IN A 170.114.10.85

;; AUTHORITY SECTION:
zoom.us. 172800 IN NS ns-1137.awsdns-14.org.
zoom.us. 172800 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 172800 IN NS ns-387.awsdns-48.com.
zoom.us. 172800 IN NS ns-888.awsdns-47.net.

;; Query time: 7 msec
;; SERVER: 205.251.195.120#53(205.251.195.120)
;; WHEN: Tue Mar 15 18:18:41 EDT 2022
;; MSG SIZE rcvd: 192
```
-
@johnpoz said in Zoom Blocked, Completely Stumped.:
try doing a directed query to any of those IPs asking for zoom.us ns..
Here you go...I ran a query for each of the IPv4 servers.
```
; <<>> DiG 9.16.23 <<>> @156.154.125.70 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23918
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ae492118dabb530301000000623112e53cdc60e78d6495b9 (good)
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.

;; Query time: 9 msec
;; SERVER: 156.154.125.70#53(156.154.125.70)
;; WHEN: Tue Mar 15 18:27:49 EDT 2022
;; MSG SIZE rcvd: 204
```

```
; <<>> DiG 9.16.23 <<>> @209.173.58.70 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64421
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 46c30a9773371738010000006231134cc91442fbc9c0d52b (good)
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.

;; Query time: 7 msec
;; SERVER: 209.173.58.70#53(209.173.58.70)
;; WHEN: Tue Mar 15 18:29:32 EDT 2022
;; MSG SIZE rcvd: 204
```

```
; <<>> DiG 9.16.23 <<>> @156.154.128.70 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42094
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 013ba9c4121d43120100000062311378b7be69e034c0357e (good)
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.

;; Query time: 21 msec
;; SERVER: 156.154.128.70#53(156.154.128.70)
;; WHEN: Tue Mar 15 18:30:16 EDT 2022
;; MSG SIZE rcvd: 204
```

```
; <<>> DiG 9.16.23 <<>> @37.209.192.15 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.

;; Query time: 9 msec
;; SERVER: 37.209.192.15#53(37.209.192.15)
;; WHEN: Tue Mar 15 18:30:50 EDT 2022
;; MSG SIZE rcvd: 176
```

```
; <<>> DiG 9.16.23 <<>> @37.209.194.15 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24122
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.

;; Query time: 9 msec
;; SERVER: 37.209.194.15#53(37.209.194.15)
;; WHEN: Tue Mar 15 18:31:20 EDT 2022
;; MSG SIZE rcvd: 176
```

```
; <<>> DiG 9.16.23 <<>> @37.209.196.15 zoom.us NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28567
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;zoom.us. IN NS

;; AUTHORITY SECTION:
zoom.us. 7200 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 7200 IN NS ns-387.awsdns-48.com.
zoom.us. 7200 IN NS ns-888.awsdns-47.net.
zoom.us. 7200 IN NS ns-1137.awsdns-14.org.

;; Query time: 7 msec
;; SERVER: 37.209.196.15#53(37.209.196.15)
;; WHEN: Tue Mar 15 18:31:46 EDT 2022
;; MSG SIZE rcvd: 176
```
-
@johnpoz said in Zoom Blocked, Completely Stumped.:
You're not pointing directly to roots in your dns config on pfsense are you?? out of the box pfsense resolves, you should not point anywhere.. You should only point to 127.0.0.1 (unbound) and it knows the root servers..
If you can not talk to roots, you wouldn't be able to resolve anything - but you can not query them recursive... You can only ask them for NSs of the tld, If you're like forwarding to roots - that would never work..
Sorry, I missed this earlier. What I meant to say is that I am using Unbound in its default state. Unbound only resolves through the 13 root servers via its default settings. There is no forwarding in resolver settings. Everything with internet access is pointed to pfsense for its dns server except for 1 client. There is an AD domain controller which that 1 client points (via DHCP settings) to for its dns. The AD DNS then forwards to pfsense. It's been this way for years without issues.
But the inability to get to zoom.us is universal to all devices on the network, regardless of whether or not it uses unbound directly or if it is being forwarded from the AD domain controller.
-
Try bumping up the logging level on Unbound. It must be seeing an error somewhere.
-
@stephenw10 I bumped the log level up to 5 (from 3). Waited until the clock turned to 7:41 and did a DNS lookup. In the log I filtered by Mar 15 19:41:0 and here's what I got:
```
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] debug: cache memory msg=257779 rrset=679453 infra=181905 val=165184
Mar 15 19:41:03 unbound 25496 [25496:2] info: 2.000000 4.000000 2
Mar 15 19:41:03 unbound 25496 [25496:2] info: 1.000000 2.000000 2
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.524288 1.000000 11
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.262144 0.524288 15
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.131072 0.262144 22
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.065536 0.131072 12
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.032768 0.065536 19
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.016384 0.032768 30
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.008192 0.016384 8
Mar 15 19:41:03 unbound 25496 [25496:2] info: 0.000000 0.000001 6
Mar 15 19:41:03 unbound 25496 [25496:2] info: lower(secs) upper(secs) recursions
Mar 15 19:41:03 unbound 25496 [25496:2] info: [25%]=0.0260779 median[50%]=0.0682667 [75%]=0.251718
Mar 15 19:41:03 unbound 25496 [25496:2] info: histogram of recursion processing times
Mar 15 19:41:03 unbound 25496 [25496:2] info: average recursion processing time 0.217590 sec
Mar 15 19:41:03 unbound 25496 [25496:2] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 127 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 15 19:41:03 unbound 25496 [25496:2] debug: query took 0.000000 sec
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] debug: mesh_run: validator module exit state is module_finished
Mar 15 19:41:03 unbound 25496 [25496:2] debug: val handle processing q with state VAL_FINISHED_STATE
Mar 15 19:41:03 unbound 25496 [25496:2] info: chased extract
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: qr ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
logfiles.zoom.us. IN A
;; ANSWER SECTION:
logfiles.zoom.us. 3194 IN CNAME us01-logfiles-va.zoom.us.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 65
Mar 15 19:41:03 unbound 25496 [25496:2] info: no signer, using logfiles.zoom.us. TYPE0 CLASS0
Mar 15 19:41:03 unbound 25496 [25496:2] debug: validator classification cname
Mar 15 19:41:03 unbound 25496 [25496:2] debug: val handle processing q with state VAL_INIT_STATE
Mar 15 19:41:03 unbound 25496 [25496:2] debug: validator: nextmodule returned
Mar 15 19:41:03 unbound 25496 [25496:2] info: validator operate: query logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
Mar 15 19:41:03 unbound 25496 [25496:2] debug: mesh_run: iterator module exit state is module_finished
Mar 15 19:41:03 unbound 25496 [25496:2] debug: prepending 2 rrsets
Mar 15 19:41:03 unbound 25496 [25496:2] info: finishing processing for logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: iter_handle processing q with state FINISHED RESPONSE STATE
Mar 15 19:41:03 unbound 25496 [25496:2] debug: returning answer from cache.
Mar 15 19:41:03 unbound 25496 [25496:2] debug: msg ttl is 3506, prefetch ttl 3146
Mar 15 19:41:03 unbound 25496 [25496:2] info: msg from cache lookup
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: qr ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
us01-logfiles-va-9.zoom.us. IN A
;; ANSWER SECTION:
us01-logfiles-va-9.zoom.us. 3445 IN A 170.114.15.223
;; AUTHORITY SECTION:
zoom.us. 85858 IN NS ns-888.awsdns-47.net.
zoom.us. 85858 IN NS ns-1137.awsdns-14.org.
zoom.us. 85858 IN NS ns-1772.awsdns-29.co.uk.
zoom.us. 85858 IN NS ns-387.awsdns-48.com.
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 200
Mar 15 19:41:03 unbound 25496 [25496:2] debug: request has dependency depth of 0
Mar 15 19:41:03 unbound 25496 [25496:2] info: resolving logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
Mar 15 19:41:03 unbound 25496 [25496:2] debug: returning CNAME response from cache
Mar 15 19:41:03 unbound 25496 [25496:2] debug: msg ttl is 3570, prefetch ttl 3213
Mar 15 19:41:03 unbound 25496 [25496:2] info: msg from cache lookup
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: qr ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
us01-logfiles-va.zoom.us. IN A
;; ANSWER SECTION:
us01-logfiles-va.zoom.us. 3570 IN CNAME us01-logfiles-va-9.zoom.us.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 75
Mar 15 19:41:03 unbound 25496 [25496:2] debug: request has dependency depth of 0
Mar 15 19:41:03 unbound 25496 [25496:2] info: resolving logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
Mar 15 19:41:03 unbound 25496 [25496:2] debug: returning CNAME response from cache
Mar 15 19:41:03 unbound 25496 [25496:2] debug: msg ttl is 3194, prefetch ttl 2875
Mar 15 19:41:03 unbound 25496 [25496:2] info: msg from cache lookup
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: qr ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
logfiles.zoom.us. IN A
;; ANSWER SECTION:
logfiles.zoom.us. 3194 IN CNAME us01-logfiles-va.zoom.us.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 65
Mar 15 19:41:03 unbound 25496 [25496:2] debug: request has dependency depth of 0
Mar 15 19:41:03 unbound 25496 [25496:2] info: resolving logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
Mar 15 19:41:03 unbound 25496 [25496:2] debug: process_request: new external request event
Mar 15 19:41:03 unbound 25496 [25496:2] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
Mar 15 19:41:03 unbound 25496 [25496:2] debug: mesh_run: validator module exit state is module_wait_module
Mar 15 19:41:03 unbound 25496 [25496:2] debug: validator: pass to next module
Mar 15 19:41:03 unbound 25496 [25496:2] info: validator operate: query logfiles.zoom.us. A IN
Mar 15 19:41:03 unbound 25496 [25496:2] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
Mar 15 19:41:03 unbound 25496 [25496:2] debug: mesh_run: start
Mar 15 19:41:03 unbound 25496 [25496:2] debug: udp request from ip4 192.168.165.2 port 56469 (len 16)
Mar 15 19:41:03 unbound 25496 [25496:2] debug: answer from the cache failed
Mar 15 19:41:03 unbound 25496 [25496:2] debug: Cache reply: cname chain broken
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:2] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:0] info: send_udp over interface: 192.168.163.1
Mar 15 19:41:03 unbound 25496 [25496:0] info: receive_udp on interface: 192.168.163.1
Mar 15 19:41:00 unbound 25496 [25496:1] debug: close fd 24
Mar 15 19:41:00 unbound 25496 [25496:1] debug: comm_point_close of 24: event_del
Mar 15 19:41:00 unbound 25496 [25496:1] debug: close of port 39760
Mar 15 19:41:00 unbound 25496 [25496:1] debug: serviced_delete
Mar 15 19:41:00 unbound 25496 [25496:1] debug: svcd callbacks end
Mar 15 19:41:00 unbound 25496 [25496:1] debug: cache memory msg=257779 rrset=679453 infra=181905 val=165184
Mar 15 19:41:00 unbound 25496 [25496:1] info: 2.000000 4.000000 1
Mar 15 19:41:00 unbound 25496 [25496:1] info: 1.000000 2.000000 1
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.524288 1.000000 3
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.262144 0.524288 10
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.131072 0.262144 16
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.065536 0.131072 4
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.032768 0.065536 4
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.016384 0.032768 5
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.008192 0.016384 1
Mar 15 19:41:00 unbound 25496 [25496:1] info: 0.000000 0.000001 2
Mar 15 19:41:00 unbound 25496 [25496:1] info: lower(secs) upper(secs) recursions
Mar 15 19:41:00 unbound 25496 [25496:1] info: [25%]=0.063488 median[50%]=0.192512 [75%]=0.347341
Mar 15 19:41:00 unbound 25496 [25496:1] info: histogram of recursion processing times
Mar 15 19:41:00 unbound 25496 [25496:1] info: average recursion processing time 0.270629 sec
Mar 15 19:41:00 unbound 25496 [25496:1] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 47 recursion replies sent, 0 replies dropped, 0 states jostled out
Mar 15 19:41:00 unbound 25496 [25496:1] debug: mesh_run: validator module exit state is module_finished
Mar 15 19:41:00 unbound 25496 [25496:1] debug: val handle processing q with state VAL_FINISHED_STATE
Mar 15 19:41:00 unbound 25496 [25496:1] info: no signer, using zoom.us. TYPE0 CLASS0
Mar 15 19:41:00 unbound 25496 [25496:1] debug: validator classification nodata
Mar 15 19:41:00 unbound 25496 [25496:1] debug: val handle processing q with state VAL_INIT_STATE
Mar 15 19:41:00 unbound 25496 [25496:1] debug: validator: nextmodule returned
Mar 15 19:41:00 unbound 25496 [25496:1] info: validator operate: query zoom.us. CNAME IN
Mar 15 19:41:00 unbound 25496 [25496:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
Mar 15 19:41:00 unbound 25496 [25496:1] debug: mesh_run: iterator module exit state is module_finished
Mar 15 19:41:00 unbound 25496 [25496:1] info: finishing processing for zoom.us. CNAME IN
Mar 15 19:41:00 unbound 25496 [25496:1] debug: iter_handle processing q with state FINISHED RESPONSE STATE
Mar 15 19:41:00 unbound 25496 [25496:1] info: query response was nodata ANSWER
Mar 15 19:41:00 unbound 25496 [25496:1] debug: iter_handle processing q with state QUERY RESPONSE STATE
Mar 15 19:41:00 unbound 25496 [25496:1] info: incoming scrubbed packet:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: qr aa ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
zoom.us. IN CNAME
;; ANSWER SECTION:
;; AUTHORITY SECTION:
zoom.us. 3600 IN SOA ns-1137.awsdns-14.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 110
```
I immediately copied and pasted it into notepad. Then I tried to filter the log by Mar 15 19:41:1 but I got nothing. I presume the log file had already been written over. If you need more than what I got I'll have to up the size of the log file. Let me know.
-
@stephenw10 I'm digging into this a bit farther and I'm finding a bunch of stuff. I'm finding multiple entries like these:
These IPs are all the cctld.us. root servers we identified as authoritative for zoom.us. I'm not sure if this would be the correct syntax for a grep command but I tried to run this command:
grep xxx.xxx.xxx.xxx /var/db/pfblockerng/original/*
at the command prompt, for each IP, to see if the IPs were in a pfblocker feed. All of the searches returned nothing.
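Added example, not part of the original thread and not pfBlockerNG code: a literal `grep` for an address only matches feeds that list that exact string, while IP feeds often carry CIDR blocks or start-end ranges that cover the address without ever spelling it out. The Python below tests containment instead; the sample feed is constructed, the function names are hypothetical, and the addresses are the cctld.us IPv4 servers from the dig output earlier in the thread.

```python
import ipaddress
import re
from pathlib import Path

# One IPv4 feed entry: an address, then optionally "/prefix" or "-end".
ENTRY = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:/(\d{1,2})|\s*-\s*(\d{1,3}(?:\.\d{1,3}){3}))?(?![\d.])"
)

# CONSTRUCTED sample feed for the demo; not taken from any real blocklist.
SAMPLE_FEED = """\
# constructed sample, not real feed contents
203.0.113.7
156.154.0.0/16
37.209.192.0-37.209.195.255
198.51.100.0/24
"""

# IPv4 addresses of the cctld.us servers queried in the thread.
CCTLD_IPS = ["156.154.125.70", "209.173.58.70", "156.154.128.70",
             "37.209.192.15", "37.209.194.15", "37.209.196.15"]


def feed_networks(text):
    """Yield (line_number, raw_entry, network) for each IPv4 entry in a feed."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]           # ignore comments
        for m in ENTRY.finditer(line):
            start, prefix, end = m.groups()
            try:
                if end:                         # "a.b.c.d-e.f.g.h" range
                    nets = list(ipaddress.summarize_address_range(
                        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
                elif prefix:                    # CIDR; stray host bits tolerated
                    nets = [ipaddress.IPv4Network(f"{start}/{prefix}", strict=False)]
                else:                           # single host
                    nets = [ipaddress.IPv4Network(start)]
            except ValueError:
                continue                        # octet > 255, bad prefix, reversed range
            for net in nets:
                yield lineno, m.group(0).strip(), net


def find_covering_entries(ips, feeds):
    """Map each IP to the (feed, line, entry) tuples whose range contains it."""
    targets = [ipaddress.IPv4Address(ip) for ip in ips]
    hits = {str(t): [] for t in targets}
    for name, text in feeds.items():
        for lineno, raw, net in feed_networks(text):
            for t in targets:
                if t in net:
                    hits[str(t)].append((name, lineno, raw))
    return hits


def literal_hits(ips, feeds):
    """What a plain substring search (the grep approach) would report."""
    return {ip: [n for n, text in feeds.items() if ip in text] for ip in ips}


if __name__ == "__main__":
    import sys
    # With file arguments, scan those feed files; otherwise use the sample.
    feeds = {p: Path(p).read_text(errors="replace") for p in sys.argv[1:]}
    feeds = feeds or {"sample": SAMPLE_FEED}
    for ip, found in find_covering_entries(CCTLD_IPS, feeds).items():
        for name, lineno, entry in found:
            print(f"{ip} covered by {entry} ({name}:{lineno})")
        if not found:
            print(f"{ip} not covered by any entry")
```

On the constructed sample, four of the six addresses are covered by a range even though a substring search for each address finds nothing.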